The recent events revealed that the internet is not a very safe place. If you don't encrypt your data, it is likely to be analyzed by third parties like intelligence services. So you start to encrypt everything because you care about the safety of your customers' data. You managed to get it done without extra budget because you use a self-signed certificate - but oh, what is this? A nasty ValidatorException saying "PKIX path building failed". What now?

I assume you understand how encryption using private and public keys works. In short, there are some root certificates which are trusted globally. Every browser uses a set of those certificates, often referred to as "certificate authority (CA) certs". The JVM also has such a set - but unfortunately it doesn't contain the certificate you created!

One possibility to solve this would be to add your certificate to the JVM's trust store on disk. But then you would have to repeat this step after every update, which seems impractical. The other possibility seems much more appealing: let your application add any missing certificate to the trust store on the fly, in memory, when it starts up. You don't have to repeat adding the cert manually. You don't even change the trust store file on disk!

Here's how it can work: you put the cert(s) you want to have available somewhere inside your project, let's say they are located at /certs/MyOwnCertificate.pem and /certs/MyOtherOwnCertificate.pem (relative to the class path). Then you make your app call loadCerts("certs/*.pem") from the code snippet below (full code with imports here) - done!
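For comparison, here is an added sketch of the in-memory approach (not the loadCerts code this post refers to): it copies the JVM's default trust anchors into an empty key store, adds the bundled PEM certificates, and installs the result as the default SSLContext. The class and method names are hypothetical, it takes explicit resource paths instead of a wildcard, and it assumes the two PEM files from above are on the class path.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public final class InMemoryTrust { // hypothetical name, not from the original post
    /** Returns an SSLContext that trusts the JVM's default CAs plus the given class path PEM files. */
    public static SSLContext withExtraCerts(String... classpathPems) throws Exception {
        // 1. init(null) loads the JVM's default trust store; the file on disk is only read.
        TrustManagerFactory defaults = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        defaults.init((KeyStore) null);
        // 2. Copy the default trust anchors into an empty, in-memory key store.
        KeyStore merged = KeyStore.getInstance(KeyStore.getDefaultType());
        merged.load(null, null);
        int n = 0;
        for (TrustManager tm : defaults.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                merged.setCertificateEntry("default-" + n++, ca);
            }
        }
        // 3. Add the bundled certificates; one PEM file may contain several.
        CertificateFactory x509 = CertificateFactory.getInstance("X.509");
        for (String path : classpathPems) {
            try (InputStream in = InMemoryTrust.class.getResourceAsStream(path)) {
                if (in == null) throw new IllegalStateException("missing class path resource " + path);
                for (Certificate c : x509.generateCertificates(in)) {
                    ((X509Certificate) c).checkValidity(); // fail fast on an expired or not-yet-valid cert
                    merged.setCertificateEntry(path + "#" + n++, c);
                }
            }
        }
        // 4. Path validation is unchanged; only the set of trust anchors grows.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(merged);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }
    public static void main(String[] args) throws Exception {
        // Call once at startup, before the first TLS connection is opened.
        SSLContext.setDefault(withExtraCerts("/certs/MyOwnCertificate.pem", "/certs/MyOtherOwnCertificate.pem"));
    }
}
```

Because the merged store is rebuilt from the JVM defaults on every start, CA updates shipped with a new JRE are picked up automatically, while the bundled certificates still need to be replaced in the project before they expire.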